I'm not a KDE developer, only a simple developer. Also, I'm a student.
In Gymnasium (similiar to am. College) the technologist's education had the possibility to have a course in "Net-technology". There we didn't read aqbout those stuff, we practised them. It's was all very low-level and all the way through 1960 to 1995.

Anyway, we are currently all using previous version of KDE that have this security issue. Releasing it or not change nothing towards this situation. But if they haved released it at the start of december, KDE 3.1.1 will have been ready for mid-january, just like KDE 3.1 will be ready by this time.
A lot of people will have had the time to look at it in their Christmas holidays. But today, what we have, it is frustrated people that are waiting already for one month and that will have to wait for another month for a security problem that affect also the KDE version they are currently using...

no, you're not being left waiting for security updates, just for 3.1 a release.
AIUI, there will be security updates available for 2.2.x and 3.0.x as soon as possible (these are less work for packagers than 3.1 would have been), and you'll get another 3.1RC to tide you over for shiny features.